Paradex integration hacked as Mithril trading bot subkeys compromised

Paradex, a decentralized perpetual futures exchange, is back in the headlines after it announced that one of its integrations, the Mithril trading bot, was involved in a security compromise. 

The latest news comes days after it initiated a major chain rollback prompted by a serious technical glitch. 

The previous incident was not caused by an exploit, but this most recent one, which was announced on January 21, has been linked to a hacker.  

What happened to the Mithril trading bot?

According to the official post from the Paradex team, an attacker gained access to Mithril’s internal systems, which led to approximately 57 user subkeys getting compromised. 

Subkeys are known as limited-permission keys that take trades on behalf of a user; however, they don’t have the ability to withdraw funds from your account and are commonly used by third-party applications and bots.

The team has acted promptly in response to the compromise. They have paused all XP transfers and promised to re-enable them shortly, and have also revoked all subkeys linked with Mithril trading accounts. 

Only users who had their accounts connected to the trading bots were potentially affected by this exploit, the team has claimed. 

The team ended the post by pointing out that anyone who grants a subkey to any third-party bot, app, or platform is effectively trusting their security practices to protect their respective accounts. 

“Paradex cannot control or audit how external services store and secure your keys. Before connecting to any third-party service, consider the risks and only grant permissions to platforms you trust,” the team wrote on X. 

Those are carefully chosen words and could be seen as the team shifting responsibility to users and the third-party provider rather than fully owning any potential partnership shortcomings. 

Technical glitch forced Paradex to initiate a chain rollback 

A couple of days before this attack, on January 19, 2026, Paradex suffered a serious technical glitch during what was described as a scheduled maintenance. The glitch was caused by a faulty database migration, which caused the platform to erroneously price assets at $0, shocking many of the traders, especially those who had open positions. 

It triggered through an automated liquidation engine, resulting in mass forced closures of leveraged positions across the Perps exchange. The error went beyond mere UI display issues, as several other services were reported down before the team intervened. 

To fix the problem, the team proposed a chain rollback, and even though there was some resistance, they went ahead with it, rolling the blockchain back to an earlier verified state. This effectively reversed the problematic transactions and halted trading for some hours. 

On X, the team reassured community members and users that funds were mostly safe and the platform was able to return to normal after the recovery. One day later, the team announced that it had completed a review of accounts impacted by the incident and had refunded all users who were incorrectly liquidated (primarily related to PAXG). 

In total, $650,000 was reportedly distributed across 200 accounts, and since then, Gigavault deposits and withdrawals have resumed. 

“Tickets related to these refunds will be closed automatically. All other tickets will be reviewed and addressed over the next few days,” the team wrote on X, thanking users for their patience.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.